From 52a62569056582da2862ffcfbb5c68bf7f25c4df Mon Sep 17 00:00:00 2001
From: slawkens
Date: Fri, 30 Jan 2026 22:54:09 +0100
Subject: [PATCH] Prevent injection in $db->hasColumn
---
 system/libs/pot/OTS_DB_MySQL.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/system/libs/pot/OTS_DB_MySQL.php b/system/libs/pot/OTS_DB_MySQL.php
index c8e73f56..2192aaca 100644
--- a/system/libs/pot/OTS_DB_MySQL.php
+++ b/system/libs/pot/OTS_DB_MySQL.php
@@ -216,8 +216,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
 return $this->hasColumnInternal($table, $column);
 }
- private function hasColumnInternal($table, $column) {
- return $this->hasTable($table) && ($this->has_column_cache[$table . '.' . $column] = count($this->query('SHOW COLUMNS FROM `' . $table . "` LIKE '" . $column . "'")->fetchAll()) > 0);
+ private function hasColumnInternal($table, $column): bool {
+ return $this->hasTable($table) && ($this->has_column_cache[$table . '.' . $column] = count($this->query('SHOW COLUMNS FROM `' . $table . "` LIKE " . $this->quote($column))->fetchAll()) > 0);
 }
 public function hasTableAndColumns(string $table, array $columns = []): bool
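Review bot: `$table` is still concatenated into the backtick-quoted identifier in `hasColumnInternal`, so this change protects only the `LIKE` operand. `quote()` produces string literals and cannot be used for identifiers, so the query relies on the short-circuiting `hasTable($table)` call, whose body is outside this hunk, to reject unexpected names. If that guard does not already check the name against the real table list, double any backtick in `$table` before interpolating it, or reject names that fail an identifier allow-list. Separately, `quote()` does not neutralise the `LIKE` wildcards, so a column name such as `premium_points` (constructed example) matches any character at the underscore and can give a false positive. `$this->quote(addcslashes($column, '\\%_'))` would make the match literal under MySQL's default backslash escaping.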